A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage
A "dangerous piece of functionality" has been discovered in the Microsoft 365 suite that could potentially be abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure.
The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today.
The attack, at its core, hinges on a Microsoft 365 feature called AutoSave that creates copies of older file versions as and when users make edits to a file stored on OneDrive or SharePoint Online.
"Now all original versions of the files are lost, leaving only the encrypted versions of each file in the cloud account," the researchers explained.
Microsoft, in response to the findings, pointed out that older versions of files can be potentially recovered and restored for an additional 14 days with the assistance of Microsoft Support, a process that Proofpoint found to be unsuccessful.
"Files stored in a hybrid state on both endpoint and cloud such as through cloud sync folders will reduce the impact of this novel risk as the attacker will not have access to the local/endpoint files," the researchers said.
News URL
https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html